Merge branch 'main' into renovate/integration

.tekton/tasks/ec-checks.yaml

@@ -23,7 +23,7 @@ spec:
       $(all_tasks_dir all_tasks-ec)
   - name: validate-all-tasks
     workingDir: "$(workspaces.source.path)/source"
-    image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:b6c7dc1a4b66ddd7593e073138212e0fa8587f0c4281cda40b5a5682a727bec7
+    image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:32506176d30c6f6a901b3c496001cda4b7d28153bee3ad9817c1a5eb4480c959
     script: |
       set -euo pipefail
 
@@ -37,7 +37,7 @@ spec:
       ec validate input --policy "${policy}" --output yaml --strict=true ${args[*]}
   - name: validate-build-tasks
     workingDir: "$(workspaces.source.path)/source"
-    image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:b6c7dc1a4b66ddd7593e073138212e0fa8587f0c4281cda40b5a5682a727bec7
+    image: quay.io/enterprise-contract/ec-cli:snapshot@sha256:32506176d30c6f6a901b3c496001cda4b7d28153bee3ad9817c1a5eb4480c959
     script: |
       set -euo pipefail
 

pipelines/enterprise-contract.yaml

@@ -51,7 +51,6 @@ spec:
       type: string
       description: Timeout setting for `ec validate`.
       default: "5m0s"
-
   results:
     - name: TEST_OUTPUT
       value: "$(tasks.verify.results.TEST_OUTPUT)"
@@ -80,7 +79,7 @@ spec:
         resolver: bundles
         params:
           - name: bundle
-            value: quay.io/enterprise-contract/ec-task-bundle:snapshot@sha256:5218a8483bf7100b9f4830049624c8d66c0d1e5bdbbc1797a594e05b5a78ea30
+            value: quay.io/enterprise-contract/ec-task-bundle:snapshot@sha256:7a8e4c27716c1c5653cf4338f58cb2838e2712984c6c29204a28a9bee730df07
           - name: name
             value: verify-enterprise-contract
           - name: kind

pipelines/gitops-pull-request-rhtap/README.md

@@ -4,9 +4,9 @@
 |---|---|---|---|
 |ec-policy-configuration| Enterprise Contract policy to validate against| github.com/enterprise-contract/config//default| verify-enteprise-contract:0.1:POLICY_CONFIGURATION|
 |ec-public-key| The public key that EC should use to verify signatures| k8s://$(context.pipelineRun.namespace)/cosign-pub| verify-enteprise-contract:0.1:PUBLIC_KEY ; download-sboms:0.1:PUBLIC_KEY|
-|ec-rekor-host| The Rekor host that EC should use to look up transparency logs| http://rekor-server.rhtap.svc| verify-enteprise-contract:0.1:REKOR_HOST ; download-sboms:0.1:REKOR_HOST|
+|ec-rekor-host| The Rekor host that EC should use to look up transparency logs| http://rekor-server.rhtap-tas.svc| verify-enteprise-contract:0.1:REKOR_HOST ; download-sboms:0.1:REKOR_HOST|
 |ec-strict| Should EC violations cause the pipeline to fail?| true| verify-enteprise-contract:0.1:STRICT|
-|ec-tuf-mirror| The TUF mirror that EC should use| http://tuf.rhtap.svc| verify-enteprise-contract:0.1:TUF_MIRROR ; download-sboms:0.1:TUF_MIRROR|
+|ec-tuf-mirror| The TUF mirror that EC should use| http://tuf.rhtap-tas.svc| verify-enteprise-contract:0.1:TUF_MIRROR ; download-sboms:0.1:TUF_MIRROR|
 |fail-if-trustification-not-configured| Should the pipeline fail when there are SBOMs to upload but Trustification is not properly configured (i.e. the secret is missing or doesn't have all the required keys)?| true| upload-sboms-to-trustification:0.1:FAIL_IF_TRUSTIFICATION_NOT_CONFIGURED|
 |git-url| Gitops repo url| None| clone-repository:0.1:url|
 |revision| Gitops repo revision| | clone-repository:0.1:revision|

pipelines/gitops-pull-request-rhtap/gitops-pull-request.yaml

@@ -30,11 +30,11 @@ spec:
     - description: The Rekor host that EC should use to look up transparency logs
       name: ec-rekor-host
       type: string
-      default: http://rekor-server.rhtap.svc
+      default: http://rekor-server.rhtap-tas.svc
     - description: The TUF mirror that EC should use
       name: ec-tuf-mirror
       type: string
-      default: http://tuf.rhtap.svc
+      default: http://tuf.rhtap-tas.svc
     - description: The name of the Secret that contains Trustification (TPA) configuration
       name: trustification-secret-name
       type: string